I’d like to point out that viruses don’t have much utility and most of what’s deployed on phones is malware, designed to steal private data which most people tend to keep on their phones. This malware is different from viruses because it actually needs the the phone to continue working properly and for the user to not know it’s infected.

I’d like to point out that viruses don’t have much utility and most of what’s deployed on phones is malware, designed to steal private data which most people tend to keep on their phones. This malware is different from viruses because it actually needs the the phone to continue working properly and for the user to not know it’s infected.

A phone is more akin to an appliance in this comparison.

In the enterprise IT world (i.e. “in the office”), infrastructure devices have OS’s – servers have Windows, Linux, etc.; routers and firewalls have their own OSs as well. However, while vulnerabilities do exist for “appliance” type items (like firewalls and routers), they just don’t offer the same scope and scale of *advantage* that a more fleshed out OS affords a would-be bad actor. As a result, it’s far more common to have to patch a server/workstation than it is the “appliances” in the environment – though vulnerabilities DO show up from time to time and they are every bit as scary – just not the same volume/frequency.

Hackers (I use that term colloquially!) could certainly exploit a phone OS if they wanted. The fish they might be able to net is simply too small for the effort most of the time, when compared to that same effort being put into exploiting mainstream OSs on PCs (or servers) with vastly more potential reward. This is why some, but relatively few, vulnerabilities exist on phone OSs. Make no mistake – apple patches ALL THE TIME to plug scary holes, and so do android phones. They DO exist – just not to the same level.

That said, simpler OSs are vastly simpler to secure as well – another blow to efficiency from a ‘hacker’ use of time perspective.

A phone is more akin to an appliance in this comparison.

In the enterprise IT world (i.e. “in the office”), infrastructure devices have OS’s – servers have Windows, Linux, etc.; routers and firewalls have their own OSs as well. However, while vulnerabilities do exist for “appliance” type items (like firewalls and routers), they just don’t offer the same scope and scale of *advantage* that a more fleshed out OS affords a would-be bad actor. As a result, it’s far more common to have to patch a server/workstation than it is the “appliances” in the environment – though vulnerabilities DO show up from time to time and they are every bit as scary – just not the same volume/frequency.

Hackers (I use that term colloquially!) could certainly exploit a phone OS if they wanted. The fish they might be able to net is simply too small for the effort most of the time, when compared to that same effort being put into exploiting mainstream OSs on PCs (or servers) with vastly more potential reward. This is why some, but relatively few, vulnerabilities exist on phone OSs. Make no mistake – apple patches ALL THE TIME to plug scary holes, and so do android phones. They DO exist – just not to the same level.

That said, simpler OSs are vastly simpler to secure as well – another blow to efficiency from a ‘hacker’ use of time perspective.

Two main factors: Design goals and the changing nature of virus motivations.

Design Goals:

PCs were designed and marketed as the ultimate multi-tool that can do everything. They are an open system (even Windows). Developers were given full access to *everything*, even at the lowest level. Protections against developers doing bad things are, therefore, a constant battle that can be defeated by the user saying, “yes, give TotallyNotMalware.exe permission to everything on my system”.

Smartphones were designed from the start to be locked down and limited. They are a closed system. Developers are third-class citizens and must put up with any restrictions the platform offers. That wasn’t the case on all phone OS, but it is with iOS and, to a lesser extent, Android.

Virus Motives:

Smartphones *do* have viruses, but you just don’t hear about them that much. PC viruses started in an era where there wasn’t really any money in it. It was all for prestige or anarchy. As such, the virus makers tried to be high profile, and the viruses made the news and you heard about them.

Now, there is lots of money in malware. Therefore, the malware does not want to negatively affect the host (at least, not until the last minute in the case of ransomware). If they harm the host directly, then the user might stop using the device or get it reset. So modern malware mostly tries to run under the radar and sit there compromising passwords and such. This doesn’t cause the same headline-grabbing “FL00FB3RG VIRUS TAKES DOWN THE INTERNET” headlines of the PC virus heyday.

Two main factors: Design goals and the changing nature of virus motivations.

Design Goals:

PCs were designed and marketed as the ultimate multi-tool that can do everything. They are an open system (even Windows). Developers were given full access to *everything*, even at the lowest level. Protections against developers doing bad things are, therefore, a constant battle that can be defeated by the user saying, “yes, give TotallyNotMalware.exe permission to everything on my system”.

Smartphones were designed from the start to be locked down and limited. They are a closed system. Developers are third-class citizens and must put up with any restrictions the platform offers. That wasn’t the case on all phone OS, but it is with iOS and, to a lesser extent, Android.

Virus Motives:

Smartphones *do* have viruses, but you just don’t hear about them that much. PC viruses started in an era where there wasn’t really any money in it. It was all for prestige or anarchy. As such, the virus makers tried to be high profile, and the viruses made the news and you heard about them.

Now, there is lots of money in malware. Therefore, the malware does not want to negatively affect the host (at least, not until the last minute in the case of ransomware). If they harm the host directly, then the user might stop using the device or get it reset. So modern malware mostly tries to run under the radar and sit there compromising passwords and such. This doesn’t cause the same headline-grabbing “FL00FB3RG VIRUS TAKES DOWN THE INTERNET” headlines of the PC virus heyday.

Almost 300, none of ’em could explain to a 5. Here’s me try:

Imagine you have a really big business, and you’re the client of this business. At the building of this business you can get in a salesperson and ask for whatever that business sells. Surely they won’t let you get in their warehouse, or offices, or staff kitchen. On smartphones all you can do is get close to a salesperson and say you want to buy something and that’s it, in PCs OSs, if you ask them they will simply let you do whatever you want to in that business, use the staff bathroom, use staff kitchen, get in administrative offices, whatever. Sure they have a boss? Surely but in this context Android/iOS don’t have a boss (and this is where “rooting”/”jailbreaking” a device gets a place) and PCs OSs usually the client is the boss.

On windows PCs the boss is that user account control settings that makes the background dark and everyone simply clicks yes and on Mac sudo is the boss. Whatever software you use and viruses are the client, the building the operating system.

Viruses for Android/iOS are way less available cuz it’s not worth try to fool the salesperson to get to do what you want to, on PCs you can simply expect the client say “yes”.

To fit a real world situation on a computer “reality” is tough, this is not really accurate and don’t fit in many situations that would occur in PCs.

Windows gets a lot of viruses because historically it was a single user operating system and the single user was allowed to do anything. Then Microsoft sort of bolted on the type of user controls and permissions that Linux and Unix have had from the beginning.

Linux, Unix, BSD, OS X, etc… Were designed from the start to have multiple users and not allow every user to do everything.

The phone operating systems are based on BSD (iPhone) and Linux (Android) and take security a step further by sandboxing every application and strictly controlling how that application can interact with the operating system. On top of that all the apps come from the centralized app store or they can be scanned and examined by Google or Apple.

Windows is still the worst, but compared to how it was 20 years ago it’s many orders of magnitude more secure. It’s really not that bad even still being technically the worst.

Windows gets a lot of viruses because historically it was a single user operating system and the single user was allowed to do anything. Then Microsoft sort of bolted on the type of user controls and permissions that Linux and Unix have had from the beginning.

Linux, Unix, BSD, OS X, etc… Were designed from the start to have multiple users and not allow every user to do everything.

The phone operating systems are based on BSD (iPhone) and Linux (Android) and take security a step further by sandboxing every application and strictly controlling how that application can interact with the operating system. On top of that all the apps come from the centralized app store or they can be scanned and examined by Google or Apple.

Windows is still the worst, but compared to how it was 20 years ago it’s many orders of magnitude more secure. It’s really not that bad even still being technically the worst.

Almost 300, none of ’em could explain to a 5. Here’s me try:

Imagine you have a really big business, and you’re the client of this business. At the building of this business you can get in a salesperson and ask for whatever that business sells. Surely they won’t let you get in their warehouse, or offices, or staff kitchen. On smartphones all you can do is get close to a salesperson and say you want to buy something and that’s it, in PCs OSs, if you ask them they will simply let you do whatever you want to in that business, use the staff bathroom, use staff kitchen, get in administrative offices, whatever. Sure they have a boss? Surely but in this context Android/iOS don’t have a boss (and this is where “rooting”/”jailbreaking” a device gets a place) and PCs OSs usually the client is the boss.

On windows PCs the boss is that user account control settings that makes the background dark and everyone simply clicks yes and on Mac sudo is the boss. Whatever software you use and viruses are the client, the building the operating system.

Viruses for Android/iOS are way less available cuz it’s not worth try to fool the salesperson to get to do what you want to, on PCs you can simply expect the client say “yes”.

To fit a real world situation on a computer “reality” is tough, this is not really accurate and don’t fit in many situations that would occur in PCs.